
Cyber Security, Malware, Network Security, GoLang


Golang: the new standard language for malware?

In a recent security report, cybersecurity firm Intezer reported that the number of malware strains coded in the Go programming language has increased by about 2,000% in recent years.

The report backs up a trend in which malware writers are moving away from C and C++ to Go. The language was released back in 2007 by Google, and the first malware written in Go was discovered in 2012.
 
Intezer states, "Before 2019, spotting malware written in Go was more a rare occurrence and during 2019 it became a daily occurrence." That has now changed, as Golang is becoming common.
 
Why is it so popular all of a sudden? One reason is that Go makes cross-platform development fairly easy. Malware writers only need to write their code once and can then build binaries for other platforms, so the same malware can target Windows, Mac, and Linux, which makes it versatile. Another reason is that Golang binaries are a pain for security researchers to analyze and reverse engineer. For malware writers that's extremely good, as it lowers the malware's detection rate.
 
The final reason is that Go is built to work extremely well with network packets and requests, and it has cloud-native application support already built in. It's easy to work with, especially when it comes to C++ network services.
 
It's a big plus for these malware writers/developers to have everything they need in one place. It saves them time and probably headaches, so it's no wonder Golang malware is popular all of a sudden.
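As an added triage example (not from Intezer's report or this post): the Go linker embeds a build-information blob that starts with the marker `\xff Go buildinf:` in ELF, PE and Mach-O output alike, so a single check can flag Go-compiled samples for all three platforms mentioned above. The sample bytes are constructed, and `containerFormat`, `goVersion` and `sample` are names chosen for this example; a packed or tampered binary may not carry the marker.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

var buildInfoMagic = []byte("\xff Go buildinf:") // opens the build-info blob the Go linker embeds

// containerFormat names the executable format from the leading magic bytes.
func containerFormat(b []byte) string {
	for magic, name := range map[string]string{"\x7fELF": "ELF", "MZ": "PE", "\xcf\xfa\xed\xfe": "Mach-O"} {
		if bytes.HasPrefix(b, []byte(magic)) {
			return name
		}
	}
	return "unknown"
}

// goVersion reports whether the marker is present and, for the Go 1.18+ inline layout, the version.
func goVersion(b []byte) (version string, found bool) {
	i := bytes.Index(b, buildInfoMagic)
	if i < 0 {
		return "", false
	}
	if hdr := b[i:]; len(hdr) > 32 && hdr[15]&2 != 0 { // 32-byte header; flag 0x2 = inline strings
		if n, w := binary.Uvarint(hdr[32:]); w > 0 && n <= uint64(len(hdr)-32-w) {
			version = string(hdr[32+w : 32+w+int(n)])
		}
	}
	return version, true
}

// sample builds a constructed stand-in binary: file magic, padding, then a build-info blob.
func sample(magic, version string) []byte {
	hdr := make([]byte, 32, 33+len(version))
	copy(hdr, buildInfoMagic)
	hdr[14], hdr[15] = 8, 2 // pointer size 8; flags 0x2 = inline strings
	blob := append(append(hdr, byte(len(version))), version...)
	return append(append([]byte(magic), make([]byte, 64)...), blob...)
}

func main() {
	for _, m := range []string{"\x7fELF", "MZ", "\xcf\xfa\xed\xfe"} {
		s := sample(m, "go1.20.4")
		v, found := goVersion(s)
		fmt.Println(containerFormat(s), found, v)
	}
}
```

On real files, the standard library's `debug/buildinfo` package parses the same blob properly, including the older pointer-based layout that this check only detects.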
 
 
"Many of these malware [families] are botnets targeting Linux and IoT devices to either install crypto miners or enroll the infected machine into DDoS botnets. Also, ransomware has been written in Go and appears to become more common" (Intezer, 2021).
 
Here is some of the malware seen using Golang in the past year:

Zebrocy - Russian state-sponsored group APT28 created a Go-based version of their Zebrocy malware.

WellMess - Russian state-sponsored group APT29 deployed new upgraded versions of their Go-based WellMess malware.

Godlike12 - A Chinese state-sponsored group deployed Go-based backdoors for attacks on the Tibetan community.

Go Loader - The China-linked Mustang Panda APT deployed a new Go-based loader.

GOSH - The infamous Carbanak group deployed a new RAT named GOSH written in Golang back in August.
 
Glupteba - New versions of the Glupteba loader were seen in 2020, more advanced than ever.

A new RAT targeting Linux servers running Oracle WebLogic was seen by Bitdefender.

CryptoStealer.Go - New and improved versions of the CryptoStealer.Go malware were seen in 2020. This malware targets cryptocurrency wallets and browser passwords.
